View Full Version : OT: Computer Firewall



George M
05-21-2004, 07:50 AM
Trying to emerge from the stone age and upgrade/learn about my computer and protect it the best I can. Thanks to all that have helped me in this process. I have just installed basic ZoneAlarm freeware on my PC in an effort to put up at least a basic firewall. When starting the program and going on line, the ZoneAlarm software prompts me for access. One blurb I get is whether I should grant "ClientSideProxy.exe access to the internet?"
Could one of the many computer literate members of this board explain what this is? Also, any general tips about how to set up the firewall to stave off unwanted hackers?
Thanks,
George

sbcncsu
05-21-2004, 08:38 AM

George,

I have been using Zonealarm for a couple of years. To answer your last question first, just by having Zonealarm installed and active, you are staving off unwanted hackers, that is what it does. It monitors the ports on your computer (TCP/IP Ports, not serial usb parallel etc...) and blocks traffic except to those programs and applications that you have granted access.

You need to identify the program "ClientSideProxy.exe" and what it is. Do a search for it on your hard drive and determine if it is part of an application like Norton Antivirus, McAfee or some other trusted program. If it is trusted, grant it access to the internet. If it cannot be identified, deny access.

Each program will have an entry under the "Program Control" tab on ZA. There you can grant or deny access or, as in the case of some e-mail programs, set it to act as a server.

You are on the right path by installing ZA. I have been very happy with the free version and am contemplating upgrading to Pro.

HTH,
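
The identification step described in the reply above, written out as an added PowerShell example (not part of the original thread): it searches a drive for the file named in the firewall prompt and collects its version metadata, Authenticode signature and hash. The `$Root` default, the use of a valid signature as the stand-in for "trusted program", and the wording of the suggestion are assumptions of this example.

```powershell
# Added example: locate a program named in a firewall prompt and gather
# evidence about who published it before granting it internet access.
param(
    [string]$Name = 'ClientSideProxy.exe',  # file name taken from the firewall prompt
    [string]$Root = 'C:\'                   # assumption: search the system drive
)

# Find every copy; a file with a familiar name in an unexpected folder is itself a warning sign.
$hits = Get-ChildItem -Path $Root -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue

if (-not $hits) {
    Write-Output "No file named $Name found under $Root. It cannot be identified: deny access."
    return
}

$results = foreach ($file in $hits) {
    $info = $file.VersionInfo                                  # publisher-supplied metadata (can be forged)
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName # cryptographic publisher signature
    $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    # Assumption of this example: only a valid signature counts as "identified".
    $suggestion = if ($sig.Status -eq 'Valid') {
        'Identified: allow only if you recognise and trust this signer'
    } else {
        'Not identified: deny access until the owning application is known'
    }

    [pscustomobject]@{
        Path            = $file.FullName
        Company         = $info.CompanyName
        Product         = $info.ProductName
        Description     = $info.FileDescription
        SignatureStatus = $sig.Status
        Signer          = $signer
        SHA256          = $hash.Hash
        Suggestion      = $suggestion
    }
}

$results | Format-List
```

The folder the file lives in usually names the owning application, and the hash can be compared against the vendor's published value if one exists.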

MicahO
05-21-2004, 08:38 AM
I'll have to let others comment on the ZoneAlarm config - but my basic recommendation for anyone with a high-speed line (either DSL or Cable modem or other high speed connectivity) is to buy a hardware device and use it!

Personally I feel that Zone Alarm or similar programs sit too close to the data to be effective at stopping problems. A hardware device, be it a well-configured filtering router or a simple firewall, prevents most malware from even getting to the PC. Logically speaking, by the time something bad gets intercepted by Zone Alarm, it's already standing in the doorway. I'd rather keep the front door shut.

Basic hardware firewalls from NetGear or Linksys can be had for $50 or $60 bucks, require little configuration out of the box, and require much less tinkering than a software-based 'firewall.' After that is in place, you can work to complete the defense-in-depth with regular Windows Update visits, an active and religiously updated Anti-Virus program set to scan everything, and possibly a decent spam killer. After that, and depending on how far you want to go, you can then look at something like Zone Alarm.

0.02, won't buy much gas......

--Micah

MicahO
05-21-2004, 08:41 AM
One other note on that - The machine(s) being protected by any firewall device must be clean to start, before the protective fences are built. Building protection around an infected PC that can invite unwanted guests won't work. So as Scott was saying - identify items like "clientsideproxy.exe" and ensure that the machine is clean before any further steps are taken.


--Micah

RobPatt
05-21-2004, 09:00 AM
I have cable broadband.... IF I download, I v-scan. I leave winipcfg running (Win98SE). When I want on the 'net, I just click and renew my IP address. When I'm done, I just click "Release". I'm figuring no IP = no problem. Or are there holes/flaws/weaknesses in winipcfg?

Rob sends....






MicahO
05-21-2004, 09:19 AM
The machine is still unprotected when you are connected and active. Most worms will not reveal their activity until the damage is done, and may not reveal themselves after either. A system like this is also prone to forgetfulness, or dinner breaks, etc. Generally speaking, it's only a good solution if you're never online and never have an IP address.




Jeff C
05-21-2004, 09:32 AM
I am running zonealarm PLUS have a hardware firewall - a linksys router. The guys at linksys assure me that I can remove the zonealarm but I leave it in place to control some of the information that goes out.

Maybe I am paranoid but when I start some programs they try to connect to the net immediately for no apparent reason, secondly when installing new programs off the net sometimes there is spyware that the router would let access the net but zone alarm would stop.

Having said all that when I was using a P2P program and granted it access it allowed virus files in as well as spybot type programs - needed to use antivirus and SPYBOT to remove them. I guess my point is no one solution is totally comprehensive if you do a lot of surfing/downloading.

YMMV

jeff

PS how's that new 330 workin?

George M
05-21-2004, 09:40 AM
After doing a hard drive search as suggested by sbcncsu above...thanks...and also doing an on-line search...clientsideproxy is related to the MSN accelerator I have on my computer. To accelerate web speed for my dial up, I need to set my ZoneAlarm to accept clientsideproxy internet access.
Here is a web accelerator thread I found that sheds some light:
http://www.sti.net/s-accelenet-faq.html#11

Thanks to all for the above discussion...good stuff and enlightening I am sure to many....certainly to me.
George

Bill R.
05-21-2004, 09:40 AM
found a couple of weeks ago were all directly attributed to programs I had downloaded p2p through kazaa, nobody to blame but myself...didn't scan them well enough after downloading...didn't find them with norton and mcafee on a routine scan... only nod32 found them right away after I installed it....





Derek A.
05-21-2004, 10:27 AM
Go on ebay and buy a hardware firewall. Netgear, Linksys are good brands. If you have an old PC floating around and are feeling adventurous you can use a linux based router such as Freesco @ www.freesco.org.

George M
05-21-2004, 10:32 AM
Derek...I love it when you speak computereze. For me it's like reading a dead language...lol. The computerheads are comin' out...yeah baby.
George

Jeff C
05-21-2004, 01:44 PM
Computerhead - who's a computerhead...try techno-weenie...ooops gotta go - have to buy some armor-all to buff up the router and cable modem ;)

It almost looks as good as your valve cover - NOT. I showed the pic of your valve cover to my local indie - he was impressed.

Good Luck


jeff

DueyT
05-21-2004, 02:09 PM
If one condom is 95% effective, then five will be 99.99996875% effective! (gotta love stats) :D

IT "condoms" as follows:

1. Update all of your operating system security patches.

2. Hardware router (as noted earlier) that runs NAT firewall. Also, forward Port 113 to an internal, non-routable IP address (this should "stealth" all your computer's TCP/IP ports)

3. Software firewall, like ZoneAlarm, to a) control program access -- actually more to keep inside programs from sending stuff out unauthorized, and b) tweak firewall formula, like to disable unsolicited ICMP echo (a.k.a. "ping") responses, another giveaway that a "machine" is resident on a particular IP addr.

4. Spybot/data mining removal software, such as LavasoftUSA's "Ad-Aware" or equivalent. You wouldn't believe how much stuff you will actually "authorize" unknowingly just surfing the web.

5. Last but definitely not least, anti-virus software, McAfee and Norton, etc... and keep the virus signature files updated!

David Gibson has an excellent ITSec-related website here (http://www.grc.com/default.htm). Click on "Shield's Up!" under the "Hot Spots" section to learn enough about ITSec to make you want to disconnect your computer from the internet. :D Good stuff, though...well worth the "read".

Let's be safe out there!

Cheers,
Duey

George M
05-21-2004, 05:56 PM
Appreciate your expertise.
George

George M
05-21-2004, 05:58 PM
Thanks to you all for your responses. May graduate and purchase a hardware wall at some point based upon the good input above.
George

rickm
05-21-2004, 08:34 PM
You can get a DLink 604 or a LinkSys for under 50.00. If you have XP enable its firewall...it's lame, but it's a start. With the h/w firewall you can shut everything off. If a worm hits the streets you can also block access to that port. I block a lot of stuff out too.

If a software firewall is what you want for whatever reason (like you're on dialup) then Tiny Personal Firewall is nice. It doesn't take up a lot of cpu unlike Norton Personal Firewall. Fairly cheap, I believe it's in the 20 to 30 range.

Spybot and AdAware are great spyware scanners. I've almost brought back PCs "from the dead" by running these after the users complained of slow PCs. Avoid freeware, lots of the stuff is loaded with spy and malware.

Don't forget antivirus. :) Most of them will allow you to do random updates, I check for updates daily. Better safe than sorry. You can write scripts to do the updates, I've seen McAfee and Norton not update for several days, which is slightly annoying.

Lastly educate the family. Stress that lots of freeware is loaded with nasty crap that will come back to haunt you. One user at work loaded some beach screensaver and within minutes you could hear her PC churning away - the spyware that was included went wonky. She turned it off, it was such crap that it wouldn't go away. This 3mb app had such a memory leak it was sucking close to 37mb of memory. :P

Back to writing sql queries, someone have a beer for me for I will need one soon.

Derek A.
05-22-2004, 07:11 AM
Here are a couple of ebay auctions you might want to look at. Usually the Netgear RT314 goes for under $20 and it's a solid unit.

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&category=62031&item=5700178505&rd=1&ssPageName=WDVW

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&category=23778&item=5700370938&rd=1&ssPageName=WDVW

If you need help installing it George..service calls can set up.

George M
05-22-2004, 08:02 AM
Some very savvy computer people on this board. I am reminded that there seems to be a connection between having an affinity for fine, albeit aging, BMW's and the IT industry...guess it comes down to discriminating taste. A question on "restore pt". I know a lot of more evolved people than myself run hard drive back up systems on their home PC's...a must at work or in IT circles of course. But if running the usual current anti-virus software...not freeware but McAfee or Norton, a decent Ad software like Adaware to purge unwanted objects and a firewall be it soft or hardware, does the home PC user (XP OS) have some sanctuary in knowing he can restore back to a certain point "without a downside" provided the computer restore point is kept current to a known and clean return point?
Thanks for any comments,
George

rickm
05-22-2004, 08:57 AM
I've never had to use a restore point but am a huge fan of them. Restore points only have one downside - if your PC is infected with a virus that was around when your last restore point was made then if you do a restore there is a very good chance that you'll be restoring the virus also. I've never witnessed this but it sounds possible. A restore point won't alter your data, it will only bring your PC to a previous place in time. You can adjust the amount of disk space to be used for restore points, the norm is ~10% or so. The smaller the amount the fewer restore points you can have; the larger the amount the more restore points you can have.

When I help someone with their XP machine I always make sure they have system restore enabled. It's nice insurance against human errors, such as installing malware/spyware heavy applications and regretting it later. At work I use them to test out system updates with our applications. I've never had to use one at home but have had more than a few clients use them to get things back to where they once were. They restore system changes only; I don't believe they'll restore data that you've erased.

I don't have a backup system here....not in a dedicated backup sense. I backup my data files to a DVD once in a while, everything else I FTP to work (the only stuff I have that's critical would be my Quicken datasets and Outlook PST file). I have ~60gb of MP3s that I have on here but have burned to DVD for safe keeping. In the future I'm thinking of building a PC with built-in RAID so I can mirror my drives.

Don't forget a good UPS and phone line surge suppression.

If you're on cable or dsl then I'd get a HW firewall. Make sure the device is supported by your service; I had a NetGear firewall that worked until my DSL provider went to BBG and it didn't support it...I picked up a Dlink that's worked just fine. If you go wireless PLEASE secure it. :)

DueyT
05-22-2004, 05:03 PM
Rick/George/etc..., I'm running an 80GB Raid 0+1 array (4 x 40GB Maxtor DiamondMax 2Mb) on my Win2K machine...the darn thing is bulletproof. It's been reliable enough that I've never even been tempted to ghost the array onto a bulk/backup drive.

Current config is:
- USR 80000 router (w/NAT, service port 113 forwarded to a non-routable internal IP, my computer is fully stealthed to external probes)
- ZoneAlarm Pro (Pro for popup removal, etc...)
- McAfee 4.5 (with the latest 4.3.20 engine)
- Ad-aware and Spybot

Gibson's FAQ page (http://grc.com/faq-shieldsup.htm) is a good resource about more security stuff. Guys with WiFi routers MUST enable WAP to ensure their network is as secure as possible. More info here (http://www.vbxml.com/wap/articles/wap_security/default.asp) on wireless security.

Cheers,
Duey

George M
05-23-2004, 11:21 AM
Duey...a question about Restore Point when using Windows XP. Should I keep only the latest restore point on my computer?...or is that how it works whenever you create a new restore point...the computer will only save the last restore point? If not, will saving an accumulation/chronology of different Restore Pts chew up more hard drive space?
Thanks for any advice,
George

rickm
05-23-2004, 11:29 AM
If you're happy with your system the way it is...like right after a new build when it's all patched and happy...you can create a restore point. If you want to get rid of the old ones you can disable SR, reboot, then reenable. After you reenable this you can manually create a SR point. If you want to delete the older points you can just change the space allocated to them.

Here are some tips I had bookmarked:
To delete all but the most recent Restore Point (some folks have said this killed all of the restore points, you can always recreate one after this is done).
Start -> Run and type cleanmgr
Select Drive C: and then select more options on the Disk Cleanup for C: requester.
Use the System Restore -> Clean up tab to clear all but the most recent restore point.

To delete all of the Restore Points
Start -> Run and type sysdm.cpl now click the System Restore Tab
Turn Off System Restore on all drives. Click apply and then reboot. Go back and enable System Restore.

To reduce the no. of Restore points (FIFO)
Click the Settings tab and use the slider to drop back to about 5% to purge the oldest restore points. Do this on all drives.
Remember to reset to max after the reboot.

George M
05-23-2004, 12:31 PM
Thanks a lot Rick...great explanation..appreciate it.
George